#!/bin/bash

# Copyright (c) Microsoft Corporation
# All rights reserved.
#
# MIT License
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
# documentation files (the "Software"), to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
# to permit persons to whom the Software is furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
# BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

OPENPAIDOMAIN={{k8s["master_ip"]}}
ssl_phrase={{cfg["ssl_phrase"]}}
work_dir={{k8s["working_dir"]}}

cd ${work_dir}

{% if cfg["ssl_phrase"] is not defined %}
openssl genrsa -des3 -out ${OPENPAIDOMAIN}.key 1024
{% else %}
openssl genrsa -des3 -passout pass:${ssl_phrase} -out ${OPENPAIDOMAIN}.key 1024
{% endif %}

SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=${OPENPAIDOMAIN}"
{% if cfg["ssl_phrase"] is not defined %}
openssl req -new -subj ${SUBJECT} -key ${OPENPAIDOMAIN}.key -out ${OPENPAIDOMAIN}.csr
{% else %}
openssl req -passin pass:${ssl_phrase} -new -subj ${SUBJECT} -key ${OPENPAIDOMAIN}.key -out ${OPENPAIDOMAIN}.csr
{% endif %}

mv ${OPENPAIDOMAIN}.key ${OPENPAIDOMAIN}.origin.key

{% if cfg["ssl_phrase"] is not defined %}
openssl rsa -in ${OPENPAIDOMAIN}.origin.key -out ${OPENPAIDOMAIN}.key
{% else %}
openssl rsa -passin pass:${ssl_phrase} -in ${OPENPAIDOMAIN}.origin.key -out ${OPENPAIDOMAIN}.key
{% endif %}

openssl x509 -req -days 3650 -in ${OPENPAIDOMAIN}.csr -signkey ${OPENPAIDOMAIN}.key -out ${OPENPAIDOMAIN}.crt
